View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0000340Xdebugpublic2007-11-23 19:062009-07-09 17:53
Reporters0enke Assigned To 
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Summary0000340: Segfault while throwing an Exception
Description

With the Debian 5.2.0-etch8 stable package and Xdebug we're getting segfaults when throwing an exception with code like this:

            if (!in_array($this->mimeType, $this->config->getAllowedMimeTypes())) {
                    throw new cc_Upload_Exception('Mime-type not allowed: ' . $this->mimeType, cc_Upload_Exception::FILETYPE_NOT_ALLOWED);  
            }

But I'm not able to provide a short reproduce-script. Maybe the backtrace helps.

Additional Information

GDB Backtrace:

0xb6e43132 in xdebug_var_export_fancy (struc=0xbff64124, str=0xbff64104,
level=1, debug_zval=0, options=0x8387480) at
/tmp/pear/cache/xdebug-2.0.2/xdebug_var.c:965
965 if (myht->nApplyCount < 1) {
(gdb) bt
#0 0xb6e43132 in xdebug_var_export_fancy (struc=0xbff64124,
str=0xbff64104, level=1, debug_zval=0, options=0x8387480) at
/tmp/pear/cache/xdebug-2.0.2/xdebug_var.c:965
#1 0xb6e4347a in xdebug_get_zval_value_fancy (name=0x0, val=0x8a79bbc,
len=0xbff6415c, debug_zval=0, options=0x8387480) at
/tmp/pear/cache/xdebug-2.0.2/xdebug_var.c:1020
0000002 0xb6e284bf in dump_used_var_with_contents (htmlq=0xbff64250,
he=0x86e98a8, argument=0xbff641f8) at
/tmp/pear/cache/xdebug-2.0.2/xdebug.c:1681
0000003 0xb6e3e11d in xdebug_hash_apply_with_argument (h=0x8388bc0,
user=0xbff64250, cb=0xb6e2833a <dump_used_var_with_contents>,
argument=0xbff641f8)
at /tmp/pear/cache/xdebug-2.0.2/xdebug_hash.c:240
0000004 0xb6e29069 in get_printable_stack (html=1, error_type_str=0x8a60b58
"cc_Upload_Exception", buffer=0x8a7dd28 "Mime-type not allowed:
video/unknown",
error_filename=0x8a7dcb8
"/home/soenke/webs/trunk/common/classes/cc/Upload.php", error_lineno=141)
at /tmp/pear/cache/xdebug-2.0.2/xdebug.c:1891
0000005 0xb6e29e30 in xdebug_throw_exception_hook (exception=0x8a60aac) at
/tmp/pear/cache/xdebug-2.0.2/xdebug.c:2147
0000006 0xb74d5581 in zend_throw_exception_internal () from
/usr/lib/apache2/modules/libphp5.so
0000007 0xb74d565a in zend_throw_exception_object () from
/usr/lib/apache2/modules/libphp5.so
0000008 0xb74e31f1 in execute () from /usr/lib/apache2/modules/libphp5.so
0000009 0xb74de858 in execute () from /usr/lib/apache2/modules/libphp5.so
0000010 0xb6e27e6e in xdebug_execute (op_array=0x8a64704) at
/tmp/pear/cache/xdebug-2.0.2/xdebug.c:1509
0000011 0xb74ee841 in execute () from /usr/lib/apache2/modules/libphp5.so
0000012 0xb74de858 in execute () from /usr/lib/apache2/modules/libphp5.so
0000013 0xb6e27e6e in xdebug_execute (op_array=0x834fcf4) at
/tmp/pear/cache/xdebug-2.0.2/xdebug.c:1509
0000014 0xb74bfa2c in zend_execute_scripts () from
/usr/lib/apache2/modules/libphp5.so
0000015 0xb747ace2 in php_execute_script () from
/usr/lib/apache2/modules/libphp5.so
0000016 0xb7543383 in php_ap2_register_hook () from
/usr/lib/apache2/modules/libphp5.so
0000017 0x08074587 in ap_run_handler ()
0000018 0x08077731 in ap_invoke_handler ()
0000019 0x08084728 in ap_process_request ()
0000020 0x080819ce in ap_register_input_filter ()
0000021 0x0807b3c7 in ap_run_process_connection ()
0000022 0x08088704 in ap_graceful_stop_signalled ()
0000023 0x08088964 in ap_graceful_stop_signalled ()
0000024 0x0808972a in ap_mpm_run ()
0000025 0x080621ef in main ()

TagsNo tags attached.
Operating SystemDebian Etch
PHP Version5.2.0

Activities

rwilczek

2008-01-18 18:26

reporter   ~0000825

I can confirm that for Debian PHP 5.2.0-8+etch7

danielocallaghan

2008-08-08 11:14

reporter   ~0000868

I can also confirm that this is occurring also for: Debian 5.2.0-8+etch11
with xdebug versions: 2.0.2 and 2.0.3

LupusMichaelis

2008-08-13 15:53

reporter   ~0000869

It seems xdebug segfault when exception::$message isn't a string anymore.

<?php

class my_exception extends exception
{
public function __construct()
{
$this->message = new stdclass ;
}
}

throw new my_exception ;

?>

Test with php5-xdebug 2.0.3-1 debian package for testing.
Test with xdebug CVS v2.1.0-dev at 08/13/2008

LupusMichaelis

2008-08-14 12:35

reporter   ~0000871

Just add following list in xdebug.c[2324] :

convert_to_string(message) ;
convert_to_string(file) ;
convert_to_long(line) ;

So the segfault disappear, but I face an other issue :
Catchable fatal error: Object of class cls could not be converted to string in /home/mickael/tmp/xdebug/exception_fail.php on line 22

Call Stack:
0.0003 64440 1. {main}() /home/mickael/tmp/xdebug/exception_fail.php:0

my_exception: Object in /home/mickael/tmp/xdebug/exception_fail.php on line 12

Call Stack:
0.0003 64440 1. {main}() /home/mickael/tmp/xdebug/exception_fail.php:0

I dig deepper.

LupusMichaelis

2008-08-14 21:30

reporter   ~0000872

I patched the issue in PHP, so it'll segfault nor.

Now, convertto* cannot be user in an exception context. zend_std_cast_object_tostring from PHP Zend/zend_object_handlers.c beleive we're throwing an exception in exception::__tostring. So we're not.

I dig... :)

kolen

2009-06-03 20:13

reporter   ~0000963

Confirmed in 2.0.3 with PHP 5.2.6. Segfaults even if message class has __asString().

<?php

class TestClass {
function __asString() {
return "TestClass";
}
}

class MyException extends Exception {
function __construct() {
$this->message = new TestClass();
}
}

throw new MyException();

?>

LupusMichaelis

2009-06-16 12:37

reporter   ~0000966

(kolen) Did you try with my patch ? The segfault occurred even ?

derick

2009-07-09 17:53

administrator   ~0000986

Fixed in CVS. It will now throw a fatal error if you have the wrong types for those three properties. PHP itself has issues with it as well.

Issue History

Date Modified Username Field Change
2007-11-23 19:06 s0enke New Issue
2008-01-18 18:26 rwilczek Note Added: 0000825
2008-08-08 11:14 danielocallaghan Note Added: 0000868
2008-08-13 15:53 LupusMichaelis Note Added: 0000869
2008-08-14 12:35 LupusMichaelis Note Added: 0000871
2008-08-14 21:30 LupusMichaelis Note Added: 0000872
2009-06-03 20:13 kolen Note Added: 0000963
2009-06-16 12:37 LupusMichaelis Note Added: 0000966
2009-07-09 17:53 derick Note Added: 0000986
2009-07-09 17:53 derick Status new => closed
2009-07-09 17:53 derick Resolution open => fixed
2016-07-31 12:35 derick Category Debug client (console) => debugclient (debugging tool)
2016-07-31 12:35 derick Category debugclient (debugging tool) => (No Category)